package fly.config;

import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.ldap.embedded.EmbeddedLdapProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

@Configuration
public class ShiroConfiguration {

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);

        // 登录的url
        bean.setLoginUrl("/login");
        // 成功的url
        bean.setSuccessUrl("/index");
        // 不合法的url
        bean.setUnauthorizedUrl("/unauthorized");

        LinkedHashMap<String, String> map = new LinkedHashMap<>();
        // DefaultFilter 中定义
        map.put("/index", "authc"); //authc 表单验证过滤器
        map.put("/login", "anon"); // anon 匿名过滤器
        map.put("/loginUser", "anon");
        map.put("/admin", "roles[admin]"); // 角色授权过滤器
        map.put("/edit", "perms[edit]"); // 权限授权过滤器
        map.put("/druid/**", "anon");// 不拦截druid的所有请求
        map.put("/**", "user"); // 用户过滤器
        bean.setFilterChainDefinitionMap(map);
        return bean;
    }

    //安全管理器
    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("myAuthorizingRealm") MyAuthorizingRealm realm){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(realm);
        return manager;
    }

    //凭证匹配
    @Bean("myAuthorizingRealm")
    public MyAuthorizingRealm myAuthorizingRealm(@Qualifier("credentialsMatcher") MyCredentialsMatcher matcher){
        MyAuthorizingRealm realm = new MyAuthorizingRealm();
        realm.setCacheManager(new MemoryConstrainedCacheManager());//设置缓存管理器
        realm.setCredentialsMatcher(matcher);//设置凭据匹配器
        return realm;
    }
    // 凭证匹配器
    @Bean("credentialsMatcher")
    public MyCredentialsMatcher credentialsMatcher(){
        return new MyCredentialsMatcher();
    }

    //授权属性源顾问
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    //默认顾问自动代理创建者
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
}
